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DETAILED ACTION 
Claim Objections 

1 . Claims 6 and 9 are objected to because of the following informality: Claim 6 ends 
withthe word, "and" (Amendment: p. 6, In. 19), However, no fUrther limitations are 
recited. Examiner observes that the trailing "and" is a likely the result of a cut and paste 
error. Appropriate correction is required. Dependent Claim 9 inherits the same 
deficiency from Claim 6. 

2. Claim 13 is objected to for improper use of trademark. The use of the trademark 
ENTERPRISE JAVA BEAN (TM) (Amendment: p. 9, In. 1) has been noted in this 
application. It should be capitalized wherever it appears and be accompanied by the 
generic terminology. Although the use of trademarks is permissible in patent 
applications, the proprietary nature of the marks should be respected and every effort 
made to prevent their use in any manner which might adversely affect their validity as 
trademarks. 

Claim Rejections - 35 USC § 112 

3. The following is a quotation of the second paragraph of 35 U.S.C. 112: 

The specification shall conclude with one or more claims particularly pointing out and distinctly 
claiming the subject matter which the applicant regards as his invention. 
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4. Claims 1-4 are rejected under 35 U.S.C. 1 12, second paragraph, as being 
indefinite for failing to particularly point out and distinctly claim the subject matter 
which applicant regards as the invention. 

Claim 1 contains a parenthetical term, "(identity)" (Amendment: p. 4, Ins. 16 and 
22). A member of the public cannot determine the degree of weight to apply to 
parenthetical terms, see MPEP 2173. Examiner suggests that a simple removal of the 
parentheses will overcome this rejection. Dependent Claims 2-4 inherit the same 
rejection from Claim 1 . 

5. Claims 5-6, and 9 are rejected under 35 U.S.C. 1 12, second paragraph, as being 
indefinite for failing to particularly point out and distinctly claim the subject matter 
which applicant regards as the invention. 

Claim 5 recites the limitation "directory" (Amendment: p. 6, In. 6). There is 
insufficient antecedent basis for this limitation in the claim. Examiner observes that the 
error is likely based on cutting and pasting the limitation from the original Claim 6, 
which recites the directory in question. 

Dependent Claims 6 and 9 inherit the same rejection from Claim 5. 

Claim Rejections - 35 VSC § 103 

6. The text of those sections of Title 35, U.S. Code not included in this action can be 
found in a prior Office action. 
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7. . Claims 1 and 2, and 12 and Claim 14 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over U.S. Patent No. 6,067,559 issued to AUard et al. (hereafter Allard 
'559) in view of the pubUcation, "Role Based Access Control for the World Wide Web" 
by Barkely et al. (hereafter Barkely '97), in further view of U.S. Patent No. 6,314,428 
issued to Brew et al. (hereafter Brew '428), and moreover in view of applicant's admitted 
prior art in the pending application 09/997707 (hereafter AAPA). 
Claims 1-2: 

Regarding Claim 1, Allard '559 discloses: a method for creating multiple user 
appUcation programs (Allard '559: col. 11, Ins. 1 1-20) using a single application server 
and a single database server (Allard '559: col. 6, Ins. 18-22), including the steps of 

- providing the appUcation server with a first application and a second application 
(Allard '559: col. 5, Ins. 58-64; col. 6, Ins. 2-5); 

- responding to information to choose the first application (Allard '559: col. 5, In. 
68 to col. 6, In. 2); 

- creating a first user application program from the first application and the first 
data (Allard '559: col. 5, In. 68 to col. 6, In. 2; col.7, Ins. 62-68; col. 1, Ins. 20-24; 
col, 2, Ins. 28-32); and 

- creating a second user appUcation program from the second application and the 
second data (Allard '559: col. 5, In. 68 to col. 6, In. 2; col,7, Ins. 62-68; col. 6, Ins. 
6-18; col. 1, Ins. 20-24; col. 2, Ins. 28-32). 

However, Allard '559 does not expUcitly disclose: 

- storing user identification data including information relating to company user 
and user role; or 
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- use of a single database server. 

Furthermore, Allard '559 does not explicitly disclose the additional limitations as entered 
via present amendment: 

- the first and second applications relate to a first and second user role respectively; 

- the information to choose the first data relates to the first company and the first 
user (identity). 

- responding to the information relating to the first user role to choose the first 
application; 

- responding to the information relating to the first company and first user (identity) 
to choose the first data; 

- responding to the information relating to second user role to choose the second 
application; or 

- responding to the information relating to second company and second user 
(identity) to choose the second data. 

Barkely '97 discloses a Role Based Access Control (RBAC) system including the 
following: 

- storing user identification data including information relating to company user 
and user role (Barkely '97: p. 7, Fig. 3; p. 6, Table 1); and 

- the information to choose the first data relates to the first company and the first 
user (identity) (Barkely '97: Section 2, pp. 2-4 - section discloses RBAC as 
consisting of creating access control based on roles v^^hich are defined by 
particular users and their particular organization. This reads on user company 
information because a company is an organization). 
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Barkely '97 does not disclose: 

- use of a single database server. 

Furthermore, Barkely '97 does not explicitly disclose the additional limitations as entered 
via present amendment: 

- the first and second applications relate to a first and second user role respectively; 

- responding to the information relating to the first user role to choose the first 
appHcation; 

- responding to the information relating to the first company and first user (identity) 
to choose the first data; 

- responding to the information relating to second user role to choose the second 
application; or 

- responding to the information relating to second company and second user 
(identity) to choose the second data. 

Brew '428 discloses an application manager for a multi-user environment. 
Specifically, Brew '428 discloses: 

- the first and second applications relate to a first and second user role respectively 
(Brew '428: col. 7, Ins. 40-45; col. 5, Ins. 13-18 - note that an application 
definition relates to a particular application and to a particular user), 

- responding to the information relating to the first user role to choose the first 
appUcation (Brew '428: col. 7, Ins. 40-54); 

- responding to the information relating to the first company and first user (identity) 
to choose the first data (Brew '428: col. 7, Ins. 40-54; col. 5, Ins. 13-18 - note 
apphcation definition relates to a user); 
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- responding to the information relating to second user role to choose the second 
appUcation (Brew '428: col. 7, Ins. 40-54; col. 7, Ins. 61-63 - note that the Brew 
'428 process is on a per client and per user basis); and 
responding to the information relating to second company and second user 
(identity) to choose the second data (Brew '428: col. 7, Ins. 40-54; col. 5, Ins. IS- 
IS - note application definition relates to a user). 
However, Brew '428 does not explicitly disclose use of a single database server. 

AAPA admits the use of a single database server for multiple companies as prior 
art(AAPA: p. 3,1ns. 1-5). 

It would have been obvious for a person having ordinary skill in the art to apply 
the RBAC system of Barkely '97 to the apphcation server of Allard '559. Note that 
integrating the RBAC system of Barkely '97 to an application server requires no 
significant modification to the appUcation server (Barkely '97: p. 5, Ins. 1-18). The 
motivation to accomplish said application is suggested by Barkely '97 which discloses 
the well known benefits of role based access control (as opposed to control via access 
control lists) via the RBAC engine of Barkely '97 to web servers such as that of Allard 
'559 (Barkely '97: p. 5, Ins. 21-37). 

Furthermore, it would have been obvious for a person having ordinary skill in the 
art to apply the application management method of Brew '428 to the Allard '559 and 
Barkely '97 combination. The motivation to combine is suggested by Brew '428 which 
discloses the advantages of customizability for individual users via the method of Brew 
'428 on distributed systems such as that of Allard '559 and Barkely '97 in combination 
(Brew '428: col. 1, Ins. 44-50). 
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Moreover, it would have been obvious for a person having ordinary skill in the art 
to use a single database server as admitted in AAPA for the data of multiple companies as 
appHed to the combination of AUard '559, Barkely '97, and Brew '428. The motivation 
to combine is suggested by AAPA which discloses as prior art the advantages of reducing 
hardware costs by storing data of multiple companies on a single database as applied to 
the combination of Allard '559, Barkely '97, and Brew '428 (AAPA: p. 2, Ins. 25-29). 
Claims 2 and 14: 

Regarding Claims 2 and 14, Allard '559, Barkely '97, Brew '428, and AAPA in 
combination disclose all the limitations of Claim 1 (supra). Additionally, Allard '559, 
Barkely '97, Brew '428, and AAPA in combination disclose 

- (Claim 2) storing the first user application program and the second user 
apphcation program in the memory of the single application server (Allard '559: 
col. 6, Ins 18-23; col. 6, Ins. 2-5); 

- (Claim 14) loading the information relating to company user and user role into a 
variable resource specifier (Brew '428: col. 7, Ins. 40-63); and using the variable 
resource specifier to connect to a particular portion of the single database server 
(Brew '428: col. 7, Ins. 40-63; and AAPA: p. 2, Ins. 25-29). 

8. Claims 3 and 4 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Allard '559, Barkely '97, Brew '428, and AAPA, in flirther view of the publication, 
"Solaris 2.6, Administrator Certification Training Guide" by Bill Calkins (hereafter 
Calkins '99). 
Claim 3: 
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Regarding Claim 3, Allard '559, Barkely '97, Brew '428, and AAPA teach all the 
limitations of Claim 1 as described above. However, Allard '559, Barkely '97, Brew 
'428, and AAPA in combination do not teach creating a directory responsive to user log- 
on data to provide the company, user identity, and user role data; or programming a 
directory with subjective data relating to the company, user identity, and user role for 
each authorized user of the application server. 

However, Calkins '99 teaches creating a directory responsive to user log-on data 
to provide the company, user identity, and user role data (Calkins '99 pp. 78-79 in 
particular the last two lines on p. 79); and programming a directory with subjective data 
relating to the company, user identity, and user role for each authorized user of the 
appUcation server (Calkins '99 pp. 78-79 in particular the last two lines on p. 79). 

Regarding Claim 3, it would have been obvious to apply the creating a directory 
responsive to user log-on data to provide the company, user identity, and user role data of 
Calkins '99 with Allard '559, Barkely '97, Brew '428, and AAPA combination as 
described above. The motivation to combine is suggested by Barkely '97 which discloses 
the creating a directory responsive to user log-on data to provide the company, user 
identity, and user role data such as that of Calkins '99 to an application server, such as 
the Allard '559, Barkely '97, Brew '428, and AAPA combination in order to tie role 
based access control with to user identity in conjunction with a facility already in place 
(Barkely '97: p. 5, Ins. 31-35). 
Claim 4: 

Regarding Claim 4, Allard '559, Barkely '97, Brew '428, AAPA, and Calkins '99 
in combination disclose all the limitations of Claim 3 as described above. Additionally, 
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Allard '559, Barkely '97, Brew '428, AAPA, and Calkins '99 in combination discloses 
that the access control to directories also covers programming a directory with subjective 
data relating to the company, user identity, and user role for each authorized user of the 
application server (Calkins '99 pp. 78-79 in particular the last two lines on p. 79). 

9. Claims 5, 6, and 9 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Allard '559, Barkely '97, Brew '428, and AAPA in view of Sun '99 in combination, and 
in further view of Calkins '99. 
Claim 5: 

Allard '559 discloses a method for programming (Allard '559: col. 1 1, Ins. 11- 
20), based on information relating to identity of a user (Allard '559: col. 5, In. 58 to col. 
6, In. 5) comprising the steps of 

- Providing a plurality of applications relating to different fimctions of the company 
(Allard '559: col. 2, Ins. 25-43); 

- Selecting a particular one of the appUcations (Allard '559: col. 4, Ins. 42-44); 
Programming the selected application component to access a particular portion of 
the database associated with the identity of the user (Allard '559: col. 2, Ins. 25- 
43). 

However, Allard '559 does not explicitly disclose: 

The use of user roles, or user attributes such as the company of a user or the role 

of a user within a company, to select application or data. 

Providing the database including data relating to different companies; 
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- Providing an application server configured to use an ENTERPRISE JAVABEAN 
(TM) protocol, or of applications implemented with ENTERPRISE 
JAVABEANS (TM). 

Additionally, Allard '559 does not explicitly disclose the newly added limitations: 

- during the programming step, responding to the indication of the directory as to 
the user identity and the company of the user, to program the bean to access the 
particular portion of the database; 

- instantiating the programmed bean to create a first clone bean adapted to access 
the particular portion of the database; and 

- creating a second clone bean fi-om the particular application bean, the second 
clone bean being adapted to access a second portion of the database different than 
the first portion of the database. 

Barkely '97 discloses an RBAC system. Specifically, Barkely '97 discloses a 
method including: 

- modifying a method for programming such that the applications are based on 
information relating to identity of a user, company of the user, and role of the user 
with the company (Barkely '97: Section 2, pp. 2-4 - section discloses RBAC as 
consisting of creating access control based on roles which are defined by 
particular users and their particular organization. This reads on user company 
information because a company is an organization); 

- modifying a method for programming such that the applications are associated 
with different fianctions of the company (Barkely '97: Section 2, pp. 2-4); 

However, Barkely '97 does not explicitly disclose: 
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- providing the database including data relating to different companies; 

- selecting a particular application associated with user role; 

- selecting a first particular portion of the database associated with the company of 
the user, and the identity of the user. 

providing an application server configured to use an ENTERPRISE JAVABEAN 
(TM) protocol, or of applications implemented with ENTERPRISE 
lAVABEANS (TM). 
Additionally, Barkely '97 does not explicitly disclose the newly added limitations: 

- during the programming step, responding to the indication of the directory as to 
the user identity and the company of the user, to program the bean to access the 
particular portion of the database; 

- instantiating the programmed bean to create a first clone bean adapted to access 
the particular portion of the da.tabase; and 

- creating a second clone bean from the particular application bean, the second 
clone bean being adapted to access a second portion of the database different than 
the first portion of the database. 

Brew '428 discloses an application manager for a multi-user environment. 
Specifically, Brew '428 discloses: 

- selecting a particular apphcation associated with user role (Brew '428: col. 7, Ins. 
40-54); 

- selecting a first particular portion of the database associated with the company of 
the user, and the identity of the user (Brew '428: col. 7, Ins. 40-54; col. 5, Ins. IS- 
IS - note apphcation definition relates to a user); 
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- instantiating the programmed application to create a first clone application 
adapted to access the particular portion of the database (Brew '428: col. 7, Ins. 
40-63); and 

- creating a second clone application the second clone application being adapted to 
access a second portion of the database different than the first portion of the 
database (Brew '428: col. 7, Ins. 40-63). 

However, Brew '428 does not explicitly disclose: 

- providing the database including data relating to different companies; 

- providing an application server configured to use an ENTERPRISE JAVABEAN 
(TM) protocol, or of applications implemented with ENTERPRISE 
JAVABEANS (TM). 

AAPA teaches providing the database including data relating to different 
companies (AAPA: p. 3, Ins. 1-5). However, AAPA does not explicitly disclose the use 
of ENTERPRISE JAVABEANS (TM). Furthermore, AAPA does not expUcitly disclose 
the newly added limitations of 

- during the programming step, responding to the indication of the directory as to 
the user identity and the company of the user, to program the bean to access the 
particular portion of the database; 

Sun '99 discloses the providing an application server configured to use an 
ENTERPRISE JAVABEAN (TM) protocol (Sun '99: p. 15, Ins, 4-5), and applications 
implemented with ENTERPRISE JAVABEANS (TM) (Sun '99: p. 15, Ins. 1-4). 
However, Sun '99 does not explicitly disclose the newly added limitations of 
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- during the programming step, responding to the indication of the directory as to 
the user identity and the company of the user, to program the bean to access the 
particular portion of the database; 
Calkins '99 discloses: 

during the programming step, responding to the indication of the directory as to 
the user identity and the company of the user, to program the bean to access the 
particular portion of the database (Calkins '99 pp. 78-79 in particular the last two 
lines on p. 79). 

It would have been obvious for a person having ordinary skill in the art to 
combine the RBAC system of Barkely '97 with the application server of Allard '559. 
The motivation to combine is on the same basis as Claim 1 (supra). 

It would have been obvious for a person having ordinary skill in the art to apply 
the application management method of Brew '428 to the Allard '559 and Barkely '97 
combination. The motivation to combine is on the same basis as Claim 1 (supra). 

It would have been obvious for a person having ordinary skill in the art to use a 
single database server as admitted in AAPA for the data of multiple companies as applied 
to the combination of Allard '559, Barkely '97, and Brew '428. The motivation to 
combine is on the same basis as Claim 1 (supra). 

It would have been obvious to provision the Allard '559, Barkely '97, Brew '428, 
and AAPA combination above with ENTERPRISE JAVABEANS (TM) and to 
implement applications using ENTERPRISE JAVABEANS (TM). The ordinarily skilled 
artisan would have been motivated to provision the Allard '559, Barkely '97, and AAPA 
combination above with ENTERPRISE JAVABEANS (TM) and to implement 
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applications using ENTERPRISE JAVABEANS (TM) in order to be compliant with a 
standard industry specification, and thus increase market share for the combination. 
Further note that while the exemplar of the application in the application server of the 
Allard '559, Barkely '97, Brew '428 and AAPA combination, is MICROSOFT ISAPI 
(TM), Allard '559 states, "It is noted, however, that this invention may be implemented 
using technology other than ISAPI (TM)" (Allard '559: col. 6, Ins. 40-41). 

It would have been obvious to apply the creating a directory responsive to the user 
the company of the user, and the role of the user; and further to apply the indication of 
the directory as to the role of the user; and yet further to apply the indication of the 
directory as to the user identity and the company of the user, as taught by Calkins '99 to 
the Allard '559, Barkely '97, Brew '428, AAPA, and Sun '99 combination as described 
above. The motivation to combine is suggested by Barkely '97 which discloses the 
creating a directory responsive to user log-on data to provide the company, user identity, 
and user role data such as that of Calkins '99 to the appUcation server of the Allard '559, 
Barkely '97, Brew '428, AAPA, and Sun '99 combination in order to tie role based 
access control with to user identity in conjunction with a facility already in place 
(Barkely '97: p. 5,1ns. 31-35). 
Claims 6: 

Regarding Claim 6, Allard '559, Barkely '97, Brew '428, AAPA, Sun '99, and 
Calkins '99 disclose all the limitations of Claim 5 above. Additionally, Allard '559, 
Barkely '97, Brew '428, AAPA, Sun '99, and Calkins '99 disclose: 
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- providing a directory responsive to the user to indicate the user identity, the 
company of the user, and the role of the user (Calkins '99 pp. 78-79 in particular 
the last two lines on p. 79); and 

during the selecting step, responding to the role of the user to select the particular 
bean (Barkely '97: p. 5, Ins. 1-2; p. 5. Ins. 19-23). 
Claim 9: 

Regarding Claims 9, Allard '559, Barkely '97, Brew '428, AAPA, Sun '99, and 
Calkins '99 in combination disclose all the limitations of Claim 6 above. Additionally, 
Allard '559, Barkely '97, Brew '428, AAPA, Sun '99, and Calkins '99 disclose: storing 
the first clone appUcation and the second clone application in memory (Allard '559: col. 
6, Ins. 18-23; col. 6, Ins. 2-5). Moreover, Allard '559, Barkely '97, Brew '428, AAPA, 
Sun '99, and Calkins '99 in combination discloses the implementation of the above 
apphcations using ENTERPRISE JAVABEANS (TM) (Sun '99: p. 15, Ins. 1-5). 

10. Claims 10-1 1 are rejected under 35 U.S.C. 103(a) as being unpatentable over 
Allard '559, Barkely '97, and AAPA, in view of Calkins '99. 
Claim 10: 

Regarding Claim 10, Allard '559 teaches: 

- A container to create a program, the container having one or more applications 
applicable to one or more companies (Allard '559: col. 5, Ins. 58-64 - note that 
the container of Allard '559 contains at least one application that apphes to at 
least one company, thus reads on the container having one or more applications 
applicable to one or more companies); 
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- A container to provide the program with access to a particular portion of the data 
of the company in the database (Allard '559: col. 2, Ins. 25-43); 
Allard '559 does not teach the use of roles, and user company information, and 
furthermore does not teach the use of a single database to store the data of multiple 
companies, and moreover does not teach the use of a directory accessible to multiple 
users from multiple companies to indicate user identity, user role, and user company. 
Barkely '97 teaches modifying the above as follows: 

- a container responsive to user role to create a program (Barkely '97: Section 
3,2,1ns. 7-8, and Fig. 3); 

a container responsive to user identity, user role, and user company to create a 
program and to provide the program with access to a particular portion of the 
data of the company in the database (Barkely '97: Section 3.2, Ins. 7-8, and 
Fig. 3). 

However, Barkely '97 does not teach the use of a single database to store the data of 
multiple companies and furthermore does not teach the use of a directory accessible to 
multiple users from multiple companies to indicate user identity, user role, and user 
company. 

AAPA teaches: a single database storing data for each of the multiple companies 
(AAPA: p. 3, Ins. 1-5). However, AAPA does not teach the use of a directory accessible 
to multiple users from multiple companies to indicate user identity, user role, and user 
company. 

Calkins '99 teaches: 
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- A directory responsive to multiple users from multiple companies to provide 
an indication of user identity, user role, and user company (Calkins '99 pp. 
78-79 in particular the last two lines on p. 79). 

- Directory indications of user identity, user role, and user company (Calkins 
'99 pp. 78-79 in particular the last two lines on p. 79). 

It would have been obvious for a person having ordinary skill in the art to 
combine the RBAC system of Barkely '97 with the apphcation server of Allard '559. 
The ordinarily skilled artisan would have been motivated to combine the RBAC system 
of Barkely '97 with the application server of Allard '559 on the same basis as Claim 1 
(supra). 

It would have been obvious for a person having ordinary skill in the art to 
combine the user of a single database with data from multiple companies as taught by 
AAPA with the Allard '559, Barkely '97 combination above. The ordinarily skilled 
artisan would have been motivated to combine the user of a single database with data 
from multiple companies as taught by AAPA with the Allard '559, Barkely '97 
combination above on the same basis as Claim 1 (supra). 

It would have been obvious for a person having ordinary skill in the art to 
combine the directory accessible to muhiple users from multiple companies to indicate 
user identity, user role, and user company as taught by Calkins '99 with the Allard '559, 
Barkely '97 and AAPA combination above. The motivation to combine is suggested by 
Barkely '97 which discloses the creating a directory accessible to multiple users from 
multiple companies to indicate user identity, user role, and user company such as that of 
Calkins '99 to the apphcation server of the Allard '559, Barkely '97, and AAPA 
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combination in order to tie role based access control with to user identity in conjunction 
with a facility already in place (Barkely '97: p. 5, Ins, 31-35). 
Claim 1 1 : 

Regarding Claim 11, AUard '559, Barkely '97, AAPA, and Calkins '99 in 
combination disclose all the limitations of Claim 10. (supra). Additionally, AUard '559, 
Barkely '97, AAPA, and Calkins '99 in combination disclose: 

- the container is responsive to user role to create the program (Barkely '97; 
Section 3.2, Ins. 7-8, and Fig. 3); and 

- the container is responsive to user identity and company to provide the 
program with access to the particular portion of data in the database (Barkely 
'97: Section 3.2, his. 7-8, and Fig. 3). 

Note that Barkely '97, of the AUard '559, Barkely '97, AAPA, and Calkins '99 
combination above also teaches the container is responsive to user role to create the 
program; and the container is responsive to user identity and company to provide the 
program with access to the particular portion of data in the database as described above. 

1 1 . Claim 12 is rejected under 35 U.S.C. 103(a) as being unpatentable over Allard 
'559 in view of Barkely '97, in further view of AAPA. Examiner notes that with the 
exception of a grammatical correction, Claim 12 is identical to the original, and previous 
Office Action rejection is reiterated below. 
Claim 12: 

Allard '559 teaches a method for creating a first application program for a first 
user (AUard '559: col. 5, In. 68 to col. 6, In. 2; col.7. Ins. 62-68), and a second application 
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program for a second user (Allard '559: col. 5, In. 68 to col. 6, In. 2; col.7, Ins. 62-68; col. 
6, Ins. 6-18), comprising the steps of: 

a) Providing a single application server with multiple master programs 
(Allard '559: col. 5, Ins. 58-64); 

b) Selecting a first one of the master programs (Allard '559: col, 5, In. 64 to 
col. 6, In. 5); 

c) Selecting first data from the database (Allard '559: col. 1, Ins. 20-24; col. 
2, Ins. 28-32); 

d) Creating the first application program from the first master program and 
the first data (Allard '559: col. 5, In. 68 to col. 6, In. 2; col.7, Ins. 62-68); 

e) Selecting second data from the database (Allard '559: col. 1, Ins. 20-24; 
col. 2, Ins. 28-32); and 

f) Creating the second application program Irom the second master program 
and the second data (Allard '559: col. 5, In. 68 to col. 6, In. 2; col.7, Ins. 
62-68; col. 6, Ins. 6-18). 

Allard '559 does not teach the use of a database server with data associated with 
multiple companies or the use of roles. 

Barkely '97 teaches an RBAC system including the following: 

Step b) above modified such that the selection of a first program is based on 

first user role (Barkely '97: p. 5, Ins. 1-2; p. 5. Ins. 19-23); 
- Step c) above modified such that the first data being dependent on the first 

user identity and first user company (Barkely '97: p. 5, Ins. 1-2; p. 5. Ins. 19- 

23); 
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- Step e) above modified such that the second data is dependent on the second 
user identity and second user company (Barkely '97: p. 5, Ins. 1-2; p. 5. Ins. 
19-23). 

AAPA admits providing a database server with data associated with multiple 
companies (AAPA: p. 3, Ins. 1-5). 

It would have been obvious for a person having ordinary skill in the art to apply 
the RBAC system of Barkely '97 to the appHcation server of Allard '559. The ordinarily 
skilled artisan would have been motivated to apply the RBAC system of Barkely '97 to 
the application server of Allard '559 on the same basis as Claim 1 (supra). 

Furthermore, it would have been obvious for a person having ordinary skill in the 
art to use a single database server as admitted in AAPA. The ordinarily skilled artisan 
would have been motivated to use a single database server as admitted in AAPA for the 
data of multiple companies as applied to the combination of Allard '559 and Barkely '97 
above on the same basis as Claim 1 (supra). 

12. Claim 13 is rejected under 35 U.S.C. 103(a) as being unpatentable over Allard 
'559, Barkely '97, and AAPA in view of the publication "The ENTERPRISE 
JAVABEANS (TM) Specification, vl . 1" by Vlada Matena, and Mark Hapner (hereafter 
Sun '99). Examiner notes that with the exception of a grammatical correction, Claim 13 
is identical to the original, and previous Office Action rejection is reiterated below. 
Claim 13: 

Regarding Claim 13, Allard '559, Barkely '97, and AAPA teach all the 
limitations of Claim 12 as described above. 
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Furthermore, Barkely '97, in the Allard '559, Barkely '97, and AAPA 
combination as described above teaches: 

- During the first selecting step, selecting a first apphcation based on the first 
user role (Barkely '97: p. 5, Ins. 1-2; p. 5. Ins. 19-23); 

Moreover Allard '559, in the Allard '559, Barkely '97, and AAPA combination as 
described above teaches: 

- During the second selecting step, programming the first application to access 
the first data (Allard '559: col. 5, In. 68 to col. 6, In. 2; col.7. Ins. 62-68; col. 
1, Ins. 20-24; col. 2, Ins. 28-32). 

Allard '559, Barkely '97, and AAPA in combination do not teach that the 
applications above are implemented as ENTERPRISE JAVA BEANS (TM), nor do they 
teach the providing an ENTERPRISE JAVA BEAN (TM) protocol, in the application 
server wherein the multiple master programs comprise multiple master beans. 

Sun '99 teaches the providing of an application server with an ENTERPRISE 
JAVA BEAN (TM) protocol (Sun '99: p. 15, Ins. 4-5) and teaches the implementation of 
application via ENTERPRISE JAVA BEANS (TM) (Sun '99: p. 15, Ins 1-4). 

It would have been obvious to provision the Allard '559, Barkely '97, and AAPA 
combination above with ENTERPRISE JAVABEANS (TM) and to implement 
applications using ENTERPRISE JAVABEANS (TM). The ordinarily skilled artisan 
would have been motivated to provision the Allard '559, Barkely '97, and AAPA 
combination above with ENTERPRISE JAVABEANS (TM) and to implement 
applications using ENTERPRISE JAVABEANS (TM) in order to be compliant with a 
standard industry specification, and thus increase market share for the combination. 
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Further note that while the exemplar of the application in the application server of Allard 
'559 in the Allard '559, Barkely '97, and AAPA combination, is MICROSOFT ISAPI 
(TM), Allard '559 states, "It is noted, however, that this invention may be implemented 
using technology other than ISAPI (TM)" (Allard '559: col. 6, Ins. 40-41). 

Response to Arguments 

13. Applicant's arguments filed May 10, 2004 have been fully considered but they are 
not persuasive. 

Applicant Argument 1 

Argument: 

Applicant asserts that the Allard '559, Barkely '97, and AAPA portions 
referenced are each individually "significantly differ enf (Amendment: p. 12, last 
paragraph). 

Response: 

In response to applicant's arguments against the references individually, one 
cannot show nonobviousness by attacking references individually where the rejections 
are based on combinations of references. See In re Keller, 642 F.2d 413, 208 USPQ 871 
(CCPA 1981); In re Merck & Co., 800 F.2d 1091, 231 USPQ 375 (Fed. Cir. 1986). 



Applicant Argument 2 

Argument: 
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Applicant asserts that the Office Action asserts that he required modifications to 
combine Barkely '97 with AUard '559 are insignificant (Amendment: p. 13, first two 
lines). 

Response: 

On the contrary, Barkely '97 discloses an RBAC engine that is combinable with 
an arbitrary web application with minimal modification (Barkely '97: p. 5, Ins. 1-18). 
The Office Action is not asserting, but rather is citing a reference which discloses the 
modifications are insignificant. 

Applicant Argument 3 

Argument: 

Applicant asserts that motivation to combine is absent and that Examiner has not 
pointed to a specification motivation or suggestion to combine in the references 
(Amendment: p. 1 3 , first paragraph) . 

Response: 

On the contrary, for both the Barkely '97 and AAPA references, the Office Action 
contains complete statements of motivation that are explicitly cited by the references, 
specifically: 

"The ordinarily skilled artisan would have been motivated to apply the RBAC 
system of Barkely '97 to the apphcation server of AUard '559 in order to obtain 
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the well known benefits of role based access control (as opposed to control via 
access control lists) [Barkely '97: p. 5, Ins. 21-37]." 

"The ordinarily skilled artisan would have been motivated to use a single database 
server as admitted in AAP A for the data of multiple companies as applied to the 
combination of Allard '559 and Barkely '97 above in order to reduce hardware 
costs. [AAPA: p. 2, Ins. 25-29]." 

Applicant has not stated why these explicit motivational statements are improper, 
thus assertion that motivation to combine is not sufficient to overcome rejection. 

Applicant Argument 4 

Argument: 

Applicant asserts that Barkely '97 does not disclose storing of user company 
information (Amendment: p. 13, second paragraph). 

Response: 

Reference portion cited by examiner (Barkely '97: p. 7, Fig. 3, and p. 6, Table 1) 
explicitly states means of adding RBAC functionality to a web server. Barkely '97: 
Section 2, pp. 2-4 discusses the notion of RBAC consisting of creating access control 
based on roles which are defined by particular users and their particular organization. 
This reads on user company information because a company is an organization. 
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Furthermore, note that RBAC enables an arbitrary set of different organizations, 
to store apphcations on the same server such that individuals belonging to each 
organization may only access applications belonging to their respective organization. 
Thus, resources are saved. Within the context of Barkely '97, the different organizations 
are arbitrary, and may in fact be different companies. 

Applicant Argument 5 

Argument: 

Applicant asserts that the particular advantage of creating a "computer 
infrastructure that can be shared by small and medium sized companies while saving 
resources" is not cited by the references and that further that no motivation to combine 
the references is present (Amendment: p. 13, paragraph 3). 

Response: 

Examiner refers to MPEP 2144 which states that, "Rationale Different From 
Applicant's is Permissible." From the context of Barkely '97, clearly the RBAC engine 
of Barkely '97 is targeting a web server (Barkely '97: Title), and that Allard '559 teaches 
a web server. Thus in of itself is motivation to combine. Furthermore, Office Action 
recites the well known benefits of RBAC as disclosed by Barkely '97 as further 
motivation to combine (Barkely '97: p. 5, Ins. 21-37). 
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Applicant Argument 6 

Argument: 

Applicant asserts there is no motivation to combine Allard '559, Barkely '97, 
AAPA, and Calkins '99 on the same basis as Applicant Arguments 1-5 (Amendment 
14, second and third paragraphs). 

Response: 

Examiner refers to responses to Applicant Arguments 1-5 (supra). 

Applicant Argument 7 

Argument: 

Applicant asserts Claim 5 as amended is in condition for patentability 
(Amendment: p. 15, top paragraph). 

Response: 

Examiner refers to 103(a) rejection of Claim 5 (supra). 

Applicant Argument 8 

Argument: 

Applicant asserts there is no motivation to combine Allard '559, Barkely '97, 
AAPA, and Sun' 99 on the same basis as Applicant Arguments 1-5 (Amendment: p. 15, 
second paragraph). 
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Response: 
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Examiner refers to responses to Applicant Arguments 1-5 (supra). 

Applicant Argument 9 

Argument: 

Applicant asserts there is no motivation to combine AUard '559, Barkely '97, 
AAPA, Sun' 99, and Calkins '99 on the same basis as Applicant Arguments 1-5 
(Amendment: p. 15, second to last paragraph). 

Response: 

Examiner refers to 103(a) rejection of Claim 13 (supra). 

Applicant Argument 10 

Argument: 

Applicant asserts Claim 10 as amended is in condition for patentability 
(Amendment: p. 16, second paragraph). 

Response: 

Examiner refers to 103(a) rejection of Claim 10 (supra). 
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Applicant Argument 11 

Argument: 

Applicant asserts new Claim 14 is in condition for patentability (Amendment: p. 
16, second to last paragraph). 

Response; 

Examiner refers to 103(a) rejection of Claim 14 (supra). 



Conclusion 

14. Applicant's amendment necessitated the new ground(s) of rejection presented in 
this Office action. Accordingly, THIS ACTION IS MADE FINAL. See MPEP 
§ 706.07(a). Apphcant is reminded of the extension of time policy as set forth in 37 
CFR 1.136(a). 

A shortened statutory period for reply to this final action is set to expire THREE 
MONTHS from the mailing date of this action. In the event a first reply is filed within 
TWO MONTHS of the mailing date of this final action and the advisory action is not 
mailed until after the end of the THREE-MONTH shortened statutory period, then the 
shortened statutory period will expire on the date the advisory action is mailed, and any 
extension fee pursuant to 37 CFR 1 .136(a) will be calculated from the mailing date of the 
advisory action. In no event, however, will the statutory period for reply expire later than 
SIX MONTHS fi-om the date of this final action. 
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15. Any inquiry concerning this communication or earlier communications fi-om the 
examiner should be directed to Patrick J Santos whose telephone number is 703-305- 
0707. The examiner can normally be reached on M-F 8:00-4:30. 

If attempts to reach the examiner by telephone are unsuccessful, the examiner's 
supervisor, Safet Metjahic can be reached on 703-308-1436. The fax phone number for 
the organization where this application or proceeding is assigned is 703-872-9306. 

Information regarding the status of an application may be obtained from the 
Patent Application Information Retrieval (PAIR) system. Status information for 
published applications may be obtained from either Private PAIR or Public PAIR. Status 
information for unpublished applications is available through Private PAIR only. For 
more information about the PAIR system, see http://pair-direct.uspto.gov. Should you 
have questions on access to the Private PAIR system, contact the Electronic Business 
Center (EBC) at 866-217-9197 (toll-free). 

Patrick J.D. Santos 
August 20, 2004 
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